コード例 #1
ファイル: ldap_server.php プロジェクト: andy-profi/bxApiDocs
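 /**
  * Synchronise the Bitrix users bound to one LDAP server with that server's directory.
  *
  * Users returned by LDAP are imported (only when SYNC_USER_ADD is "Y" and the user is not
  * restricted to import-banned groups) or updated. Users linked to this server in Bitrix
  * that are absent from the LDAP result are deactivated.
  *
  * @param mixed $ldap_server_id ID of the LDAP server record.
  * @return int|false Number of existing users that were updated, or false when the server
  *                   record is missing, connect or admin bind fails, or an
  *                   OnLdapBeforeSync handler returns false.
  */
 public static function Sync($ldap_server_id)
 {
     global $DB, $USER, $APPLICATION;
     // Initialised up front so the check at the end never reads an undefined variable.
     $bUSERGen = false;
     if (!is_object($USER)) {
         $USER = new CUser();
         $bUSERGen = true;
     }
     $dbLdapServers = CLdapServer::GetById($ldap_server_id);
     if (!($oLdapServer = $dbLdapServers->GetNextServer())) {
         return false;
     }
     if (!$oLdapServer->Connect()) {
         return false;
     }
     if (!$oLdapServer->BindAdmin()) {
         $oLdapServer->Disconnect();
         return false;
     }
     $APPLICATION->ResetException();
     $arParams = array();
     $db_events = GetModuleEvents("ldap", "OnLdapBeforeSync");
     while ($arEvent = $db_events->Fetch()) {
         $arParams['oLdapServer'] = $oLdapServer;
         if (ExecuteModuleEventEx($arEvent, array(&$arParams)) === false) {
             if (!$APPLICATION->GetException()) {
                 $APPLICATION->ThrowException("Unknown error");
             }
             // Release the bound connection on this exit path too, as the bind-failure path does.
             $oLdapServer->Disconnect();
             return false;
         }
     }
     // select all users from LDAP, keyed by lower-cased login attribute
     $arLdapUsers = array();
     $ldapLoginAttr = strtolower($oLdapServer->arFields["~USER_ID_ATTR"]);
     $APPLICATION->ResetException();
     $dbLdapUsers = $oLdapServer->GetUserList();
     // Captured right after the search so a search error can be told apart from an empty directory.
     $ldpEx = $APPLICATION->GetException();
     while ($arLdapUser = $dbLdapUsers->Fetch()) {
         $arLdapUsers[strtolower($arLdapUser[$ldapLoginAttr])] = $arLdapUser;
     }
     unset($dbLdapUsers);
     // select all Bitrix CMS users for this LDAP, keyed by lower-cased login
     $arUsers = array();
     CTimeZone::Disable();
     $dbUsers = CUser::GetList($o, $b, array("EXTERNAL_AUTH_ID" => "LDAP#" . $ldap_server_id));
     CTimeZone::Enable();
     while ($arUser = $dbUsers->Fetch()) {
         $arUsers[strtolower($arUser["LOGIN"])] = $arUser;
     }
     unset($dbUsers);
     // Deactivation candidates are computed only when the search did not report
     // LDAP_SEARCH_ERROR; otherwise the list stays empty and nobody is deactivated.
     // NOTE(review): other failure modes of GetUserList() (for example a truncated result)
     // are not distinguished here - confirm how they are reported.
     $arDelLdapUsers = array();
     if (!$ldpEx || $ldpEx->msg != 'LDAP_SEARCH_ERROR') {
         $arDelLdapUsers = array_diff(array_keys($arUsers), array_keys($arLdapUsers));
     }
     if (strlen($oLdapServer->arFields["SYNC_LAST"]) > 0) {
         $syncTime = MakeTimeStamp($oLdapServer->arFields["SYNC_LAST"]);
     } else {
         $syncTime = 0;
     }
     $arCache = array();
     // selecting a list of groups, from which users will not be imported
     // (md5 only derives the array key used for lookup; it is not a security control)
     $noImportGroups = array();
     $dbGroups = CLdapServer::GetGroupBan($ldap_server_id);
     while ($arGroup = $dbGroups->Fetch()) {
         $noImportGroups[md5($arGroup['LDAP_GROUP_ID'])] = $arGroup['LDAP_GROUP_ID'];
     }
     $cnt = 0;
     // have to update $oLdapServer->arFields["FIELD_MAP"] for user fields
     // for each one of them looking for similar in user list
     foreach ($arLdapUsers as $userLogin => $arLdapUserFields) {
         if (!isset($arUsers[$userLogin]) || !is_array($arUsers[$userLogin])) {
             if ($oLdapServer->arFields["SYNC_USER_ADD"] != "Y") {
                 continue;
             }
             // if user is not found among already existing ones, then import him
             // $arLdapUserFields holds the user's fields as returned by LDAP
             $userActive = $oLdapServer->getLdapValueByBitrixFieldName("ACTIVE", $arLdapUserFields);
             if ($userActive != "Y") {
                 continue;
             }
             // NOTE(review): $departmentCache is not initialised in this method, while the
             // update branch below passes $arCache - confirm whether one cache was intended.
             $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $departmentCache);
             // $arUserFields here contains LDAP user fields for a LDAP user
             // make a check, whether this user belongs to those groups only, from which import will not be made...
             $allUserGroups = $arUserFields['LDAP_GROUPS'];
             $userImportIsBanned = true;
             foreach ($allUserGroups as $groupId) {
                 $groupId = trim($groupId);
                 if (!empty($groupId) && !array_key_exists(md5($groupId), $noImportGroups)) {
                     $userImportIsBanned = false;
                     break;
                 }
             }
             // ...if he does not, then import him; a user with no groups at all is imported as well
             if (!$userImportIsBanned || empty($allUserGroups)) {
                 $oLdapServer->SetUser($arUserFields);
             }
         } else {
             // if date of update is set, then compare it
             $ldapTime = time();
             // Reset for every user so a timestamp from a previous iteration cannot leak in.
             $userTime = 0;
             if ($syncTime > 0 && strlen($oLdapServer->arFields["SYNC_ATTR"]) > 0 && preg_match("'([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})\\.0Z'", $arLdapUserFields[strtolower($oLdapServer->arFields["SYNC_ATTR"])], $arTimeMatch)) {
                 $ldapTime = gmmktime($arTimeMatch[4], $arTimeMatch[5], $arTimeMatch[6], $arTimeMatch[2], $arTimeMatch[3], $arTimeMatch[1]);
                 $userTime = MakeTimeStamp($arUsers[$userLogin]["TIMESTAMP_X"]);
             }
             if ($syncTime < $ldapTime || $syncTime < $userTime) {
                 // make an update
                 $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $arCache);
                 $arUserFields["ID"] = $arUsers[$userLogin]["ID"];
                 $oLdapServer->SetUser($arUserFields);
                 $cnt++;
             }
         }
     }
     // Deactivate accounts that are linked to this server but were not returned by LDAP.
     // NOTE(review): $USER is bound to the global, so this assignment replaces the global
     // user object on every iteration - confirm that is intended.
     foreach ($arDelLdapUsers as $userLogin) {
         $USER = new CUser();
         if (isset($arUsers[$userLogin]) && $arUsers[$userLogin]['ACTIVE'] == 'Y') {
             $ID = intval($arUsers[$userLogin]["ID"]);
             $USER->Update($ID, array('ACTIVE' => 'N'));
         }
     }
     $oLdapServer->Disconnect();
     CLdapServer::Update($ldap_server_id, array("~SYNC_LAST" => $DB->CurrentTimeFunction()));
     if ($bUSERGen) {
         unset($USER);
     }
     return $cnt;
 }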
コード例 #2
ファイル: ldap_server_edit.php プロジェクト: Satariall/izurit
 // When the form carries the "no import" group list, append those groups to the
 // common group mapping with the reserved GROUP_ID of -1.
 if (array_key_exists("LDAP_NOIMP_GROUPS", $_REQUEST)) {
     if (!$arGroups) {
         $arGroups = array();
     }
     foreach ($noimportGroups as $ldapGroupId) {
         $arGroups[] = array(
             "LDAP_GROUP_ID" => $ldapGroupId,
             "GROUP_ID" => -1,
         );
     }
 }
 // Server settings are copied from $_REQUEST as submitted, including the LDAP bind
 // credential (ADMIN_PASSWORD). No validation happens in this excerpt; it is presumably
 // left to CLdapServer::Add()/Update() - TODO confirm.
 $arFields = array(
     "NAME" => $_REQUEST['NAME'],
     "DESCRIPTION" => $_REQUEST['DESCRIPTION'],
     "CODE" => $_REQUEST['CODE'],
     "SERVER" => $_REQUEST['SERVER'],
     "PORT" => $_REQUEST['PORT'],
     "CONVERT_UTF8" => $_REQUEST['CONVERT_UTF8'],
     "ADMIN_LOGIN" => $_REQUEST['ADMIN_LOGIN'],
     "ACTIVE" => $_REQUEST['ACTIVE'],
     "ADMIN_PASSWORD" => $_REQUEST['ADMIN_PASSWORD'],
     "BASE_DN" => $_REQUEST['BASE_DN'],
     "GROUP_FILTER" => $_REQUEST['GROUP_FILTER'],
     "GROUP_ID_ATTR" => $_REQUEST['GROUP_ID_ATTR'],
     "GROUP_NAME_ATTR" => $_REQUEST['GROUP_NAME_ATTR'],
     "GROUP_MEMBERS_ATTR" => $_REQUEST['GROUP_MEMBERS_ATTR'],
     "USER_FILTER" => $_REQUEST['USER_FILTER'],
     "USER_ID_ATTR" => $_REQUEST['USER_ID_ATTR'],
     "USER_NAME_ATTR" => $_REQUEST['USER_NAME_ATTR'],
     "USER_LAST_NAME_ATTR" => $_REQUEST['USER_LAST_NAME_ATTR'],
     "USER_EMAIL_ATTR" => $_REQUEST['USER_EMAIL_ATTR'],
     "USER_GROUP_ATTR" => $_REQUEST['USER_GROUP_ATTR'],
     "USER_GROUP_ACCESSORY" => $_REQUEST['USER_GROUP_ACCESSORY'],
     "SYNC_PERIOD" => $_REQUEST['SYNC_PERIOD'],
     "SYNC" => $_REQUEST['SYNC'],
     "SYNC_ATTR" => $_REQUEST['SYNC_ATTR'],
     "USER_DEPARTMENT_ATTR" => $_REQUEST['USER_DEPARTMENT_ATTR'],
     "USER_MANAGER_ATTR" => $_REQUEST['USER_MANAGER_ATTR'],
     "IMPORT_STRUCT" => $_REQUEST['IMPORT_STRUCT'],
     "STRUCT_HAVE_DEFAULT" => $_REQUEST['STRUCT_HAVE_DEFAULT'],
     "ROOT_DEPARTMENT" => $_REQUEST['ROOT_DEPARTMENT'],
     "DEFAULT_DEPARTMENT_NAME" => $_REQUEST['DEFAULT_DEPARTMENT_NAME'],
     "FIELD_MAP" => $arUserFieldMap,
     "MAX_PAGE_SIZE" => $_REQUEST['MAX_PAGE_SIZE'],
     "SYNC_USER_ADD" => $_REQUEST['SYNC_USER_ADD'],
 );
 if (is_array($arGroups)) {
     $arFields['GROUPS'] = $arGroups;
 }
 // Persist the form: update the existing record, or create one and keep its new ID.
 if ($ID > 0) {
     $res = CLdapServer::Update($ID, $arFields);
 } else {
     $ID = CLdapServer::Add($arFields);
     $res = $ID > 0;
 }
 if ($res) {
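     if (strlen($save) > 0) {
         // back_url is request-controlled. Follow it only when it is a string that starts
         // with a single "/": a bare leading-slash test also accepts "//host" and "/\host",
         // which browsers can treat as another origin. This check does not rely on whatever
         // validation LocalRedirect() (defined elsewhere) may perform.
         // NOTE(review): appending "&ldapServer=" assumes back_url already has a query string.
         if (isset($_REQUEST['back_url']) && is_string($_REQUEST['back_url']) && preg_match('#^/(?![/\\\\])#', $_REQUEST['back_url'])) {
             LocalRedirect($_REQUEST['back_url'] . '&ldapServer=' . $ID);
         } else {
             // Anything else falls back to the server list page.
             LocalRedirect("ldap_server_admin.php?lang=" . LANG);
         }
     } else {
         // "Apply": stay on the edit page of the saved record and keep the active tab.
         LocalRedirect($APPLICATION->GetCurPage() . "?lang=" . LANG . "&ID=" . $ID . "&tabControl_active_tab=" . urlencode($tabControl_active_tab));
     }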
 } else {
コード例 #3
ファイル: user_import.php プロジェクト: ASDAFF/open_bx
				}
				if($USER->LAST_ERROR!='')
					$strUserImportError .= $arUserFields["LOGIN"].': '.$USER->LAST_ERROR;
			}

			// Deactivate every still-active Bitrix account whose login is in the
			// "missing from LDAP" list built earlier in this handler.
			foreach ($arDelLdapUsers as $userLogin)
			{
				$USER = new CUser();
				if (isset($arUsers[$userLogin]) && $arUsers[$userLogin]['ACTIVE'] == 'Y')
				{
					$ID = (int)$arUsers[$userLogin]["ID"];
					$USER->Update($ID, array('ACTIVE' => 'N'));
				}
			}

			$ldp->Disconnect();
			// Record the time of this sync on the server record.
			CLdapServer::Update($ldapServer, array("~SYNC_LAST" => $DB->CurrentTimeFunction()));

			// Collected per-user errors go to the parent frame, escaped for a JS string literal.
			if (!empty($strUserImportError))
			{
				echo '<script type="text/javascript">parent.window.ShowError(\'' . CUtil::JSEscape($strUserImportError) . '\');</script>';
			}
			// NOTE(review): $cntUsersImport is written into the script unescaped; it is
			// presumably an integer counter set earlier in the handler - confirm.
			die('<script type="text/javascript">parent.window.End(' . $cntUsersImport . ');</script>');
		}
	}
}


// Set the page title, then include prolog_admin_after.php from the main module.
$APPLICATION->SetTitle(GetMessage("USER_IMPORT_TITLE"));
require_once $_SERVER["DOCUMENT_ROOT"] . FX_ROOT . "/modules/main/include/prolog_admin_after.php";

// Show the error text collected in $strError (set outside this excerpt).
CAdminMessage::ShowMessage($strError);

$arTabs = array(
コード例 #4
    // Apply the requested group action to each selected server ID.
    // NOTE(review): no session-token or permission check is visible in this excerpt; it
    // presumably sits in the enclosing condition above - confirm.
    foreach ($arID as $ID) {
        // skip empty entries, then force the ID to an integer
        if (strlen($ID) < 1) {
            continue;
        }
        $ID = intval($ID);
        switch ($_REQUEST['action']) {
            case "delete":
                if (!CLdapServer::Delete($ID)) {
                    $lAdmin->AddGroupError(GetMessage("LDAP_ADMIN_DEL_ERR"), $ID);
                }
                break;
            case "activate":
            case "deactivate":
                $ld = new CLdapServer();
                // "activate" switches the server on; "deactivate" switches it off
                $arFields = array("ACTIVE" => "N");
                if ($_REQUEST['action'] == "activate") {
                    $arFields["ACTIVE"] = "Y";
                }
                // report the failure only when the application holds an exception for it
                if (!$ld->Update($ID, $arFields) && ($e = $APPLICATION->GetException())) {
                    $lAdmin->AddUpdateError(GetMessage("SAVE_ERROR") . $ID . ". " . $e->GetString(), $ID);
                }
                break;
        }
    }
}
// Query the server list with the current sort and filter and wrap it in CAdminResult.
// NOTE(review): $by and $order are set outside this excerpt; if they come from the
// request, GetList() has to restrict them to known columns and directions - confirm.
$rsData = new CAdminResult(
    CLdapServer::GetList(array($by => $order), $arFilter),
    $sTableID
);
$rsData->NavStart();
// navigation string for the list
$lAdmin->NavText($rsData->GetNavPrint(GetMessage("LDAP_ADMIN_NAVSTRING")));
$arHeaders = array();
コード例 #5
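 /**
  * Refresh the Bitrix users bound to one LDAP server from that server's directory.
  *
  * Existing linked users are updated from LDAP; linked users that are absent from the LDAP
  * result are deactivated. This version does not import new users.
  *
  * @param mixed $ldap_server_id ID of the LDAP server record.
  * @return int|false Number of users updated, or false when the server record is missing,
  *                   connect or admin bind fails, or an OnLdapBeforeSync handler returns false.
  */
 function Sync($ldap_server_id)
 {
     global $DB, $USER, $APPLICATION;
     // Initialised up front so the check at the end never reads an undefined variable.
     $bUSERGen = false;
     if (!is_object($USER)) {
         $USER = new CUser();
         $bUSERGen = true;
     }
     $dbLdapServers = CLdapServer::GetById($ldap_server_id);
     if (!($oLdapServer = $dbLdapServers->GetNextServer())) {
         return false;
     }
     if (!$oLdapServer->Connect()) {
         return false;
     }
     if (!$oLdapServer->BindAdmin()) {
         $oLdapServer->Disconnect();
         return false;
     }
     $APPLICATION->ResetException();
     $arParams = array();
     $db_events = GetModuleEvents("ldap", "OnLdapBeforeSync");
     while ($arEvent = $db_events->Fetch()) {
         $arParams['oLdapServer'] = $oLdapServer;
         if (ExecuteModuleEventEx($arEvent, array(&$arParams)) === false) {
             if (!$APPLICATION->GetException()) {
                 $APPLICATION->ThrowException("Unknown error");
             }
             // Release the bound connection on this exit path too, as the bind-failure path does.
             $oLdapServer->Disconnect();
             return false;
         }
     }
     // select all users from LDAP, keyed by lower-cased login attribute
     $arLdapUsers = array();
     $ldapLoginAttr = strtolower($oLdapServer->arFields["~USER_ID_ATTR"]);
     $dbLdapUsers = $oLdapServer->GetUserList();
     while ($arLdapUser = $dbLdapUsers->Fetch()) {
         $arLdapUsers[strtolower($arLdapUser[$ldapLoginAttr])] = $arLdapUser;
     }
     unset($dbLdapUsers);
     // select all Bitrix CMS users for this LDAP, keyed by lower-cased login
     $arUsers = array();
     CTimeZone::Disable();
     $dbUsers = CUser::GetList($o, $b, array("EXTERNAL_AUTH_ID" => "LDAP#" . $ldap_server_id));
     CTimeZone::Enable();
     while ($arUser = $dbUsers->Fetch()) {
         $arUsers[strtolower($arUser["LOGIN"])] = $arUser;
     }
     unset($dbUsers);
     // NOTE(review): the outcome of the LDAP search is not checked here. If GetUserList()
     // yields no rows, every active user linked to this server lands in the deactivation
     // list below. Confirm how GetUserList() reports a failed search and guard on it.
     $arDelLdapUsers = array_diff(array_keys($arUsers), array_keys($arLdapUsers));
     if (strlen($oLdapServer->arFields["SYNC_LAST"]) > 0) {
         $syncTime = MakeTimeStamp($oLdapServer->arFields["SYNC_LAST"]);
     } else {
         $syncTime = 0;
     }
     $arCache = array();
     $cnt = 0;
     // have to update $oLdapServer->arFields["FIELD_MAP"] for user fields
     // for each one of them looking for similar in user list
     foreach ($arLdapUsers as $userLogin => $arLdapUserFields) {
         // LDAP users without a linked Bitrix account are skipped, not imported
         if (!isset($arUsers[$userLogin]) || !is_array($arUsers[$userLogin])) {
             continue;
         }
         // if date of update is set, then compare it
         $ldapTime = time();
         // Reset for every user so a timestamp from a previous iteration cannot leak in.
         $userTime = 0;
         if ($syncTime > 0 && strlen($oLdapServer->arFields["SYNC_ATTR"]) > 0 && preg_match("'([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})\\.0Z'", $arLdapUserFields[strtolower($oLdapServer->arFields["SYNC_ATTR"])], $arTimeMatch)) {
             $ldapTime = gmmktime($arTimeMatch[4], $arTimeMatch[5], $arTimeMatch[6], $arTimeMatch[2], $arTimeMatch[3], $arTimeMatch[1]);
             $userTime = MakeTimeStamp($arUsers[$userLogin]["TIMESTAMP_X"]);
         }
         if ($syncTime < $ldapTime || $syncTime < $userTime) {
             // make an update
             $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $arCache);
             $arUserFields["ID"] = $arUsers[$userLogin]["ID"];
             $oLdapServer->SetUser($arUserFields);
             $cnt++;
         }
     }
     // Deactivate accounts that are linked to this server but were not returned by LDAP.
     // NOTE(review): $USER is bound to the global, so this assignment replaces the global
     // user object on every iteration - confirm that is intended.
     foreach ($arDelLdapUsers as $userLogin) {
         $USER = new CUser();
         if (isset($arUsers[$userLogin]) && $arUsers[$userLogin]['ACTIVE'] == 'Y') {
             $ID = intval($arUsers[$userLogin]["ID"]);
             $USER->Update($ID, array('ACTIVE' => 'N'));
         }
     }
     $oLdapServer->Disconnect();
     CLdapServer::Update($ldap_server_id, array("~SYNC_LAST" => $DB->CurrentTimeFunction()));
     if ($bUSERGen) {
         unset($USER);
     }
     return $cnt;
 }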